Thank you! Issue solved: struct pfring_pkthdr l2tp_header; memset(&l2tp_header, 0, sizeof(l2tp_header)); l2tp_header.len = h->len; l2tp_header.caplen = h->caplen;
On Tue, Dec 9, 2014 at 4:20 PM, Alfredo Cardigliano <[email protected]> wrote: > Hi Pavel > you are zero’ing also the packet length, thus pfring_parse_pkt() is not able > parsing the packet as expected. > > Alfredo > >> On 09 Dec 2014, at 12:46, Pavel Odintsov <[email protected]> wrote: >> >> Hello! >> >> I'm trying to do L2TP packet parser and want to do something like this >> for pasring nested data in l2tp payload: >> >> const u_char *l2tp_tunnel_payload = p + >> h->extended_hdr.parsed_pkt.offset.l4_offset + 4 + 4; >> struct pfring_pkthdr l2tp_header; >> memset(&l2tp_header, 0, sizeof(l2tp_header)); >> pfring_parse_pkt((u_char*)l2tp_tunnel_payload, &l2tp_header, 4, 0, 0); >> >> But parser did not work correctly with abosultely righ shift and I >> tried to parse packet already parsed by kernel for checking it: >> >> const u_char *l2tp_tunnel_payload = p; >> struct pfring_pkthdr l2tp_header; >> memset(&l2tp_header, 0, sizeof(l2tp_header)); >> pfring_parse_pkt((u_char*)l2tp_tunnel_payload, &l2tp_header, 4, 0, 0); >> >> I printed result of kernel parse: >> 2014-12-09 14:12:09,117 [INFO] [00:1F:12:84:E2:E7 -> >> 90:E2:BA:49:85:C8] [IPv4][5.254.105.102:0 -> 159.253.17.251:0] >> [l3_proto=115][hash=2784721876][tos=32][tcp_seq_num=0] >> [caplen=128][len=146][parsed_header_len=0][eth_offset=-14][l3_offset=14][l4_offset=34][payload_offset=0] >> >> And result of second call: >> 2014-12-09 14:12:09,117 [INFO] [00:1F:12:84:E2:E7 -> >> 90:E2:BA:49:85:C8] [IPv4][0.0.0.0:0 -> 0.0.0.0:0] >> [l3_proto=0][hash=0][tos=0][tcp_seq_num=0] >> [caplen=0][len=0][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=0][payload_offset=0] >> >> As you can see second call on same packet with zeroed struct >> pfring_pkthdr struct produces completely incorrect data. >> >> How I should initilize struct pfring_pkthdr correctly for pfring_parse_pkt? >> >> -- >> Sincerely yours, Pavel Odintsov >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc -- Sincerely yours, Pavel Odintsov _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
